forked from jegelstaff/formulize
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathresetpass.php
More file actions
103 lines (92 loc) · 3.89 KB
/
resetpass.php
File metadata and controls
103 lines (92 loc) · 3.89 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<?php
/**
* All functions for Password Expiry & Reset Password generator are going through here.
* Form and process for resetting password and sending to user
*
* @copyright http://www.impresscms.org/ The ImpressCMS Project
* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU General Public License (GPL)
* @package Member
* @subpackage Users
* @since ImpressCMS 1.1
* @author Vaughan Montgomery <vaughan@impresscms.org>
* @author The ImpressCMS Project
* @version SVN: $Id: resetpass.php 21047 2011-03-14 15:52:14Z m0nty_ $
*/
$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';
$email = (isset($_GET['email']))
? trim(filter_input(INPUT_GET, 'email'))
: ((isset($_POST['email'])) ? trim(filter_input(INPUT_POST, 'email')) : $email);
$username = (isset($_GET['username']))
? trim(filter_input(INPUT_GET, 'username'))
: ((isset($_POST['username'])) ? trim(filter_input(INPUT_POST, 'username')) : $username);
$c_password = (isset($_GET['c_password']))
? trim(StopXSS($_GET['c_password']))
: ((isset($_POST['c_password'])) ? trim(StopXSS($_POST['c_password'])) : $c_password);
$password = (isset($_GET['password']))
? trim(StopXSS($_GET['password']))
: ((isset($_POST['password'])) ? trim(StopXSS($_POST['password'])) : $password);
$password2 = (isset($_GET['password2']))
? trim(StopXSS($_GET['password2']))
: ((isset($_POST['password2'])) ? trim(StopXSS($_POST['password2'])) : $password2);
global $icmsConfigUser;
if ($email == '' || $username == '') {
redirect_header('user.php', 2, _US_SORRYNOTFOUND);
} elseif ($password == '' || $password2 == '') {
redirect_header('user.php', 2, _US_SORRYMUSTENTERPASS);
}
if ((isset($password)) && ($password !== $password2)) {
redirect_header('user.php', 2, _US_PASSNOTSAME);
} elseif (($password !== '') && (strlen($password) < $icmsConfigUser['minpass'])) {
redirect_header('user.php', 2, sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']));
}
$member_handler = icms::handler('icms_member');
$getuser =& $member_handler->getUsers(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($email)));
if (empty($getuser)) {
redirect_header('user.php', 2, _US_SORRYNOTFOUND);
} else {
if (strtolower($getuser[0]->getVar('uname')) !== strtolower($username)) {
redirect_header('user.php', 2, _US_SORRYUNAMENOTMATCHEMAIL);
} else {
$current_pass = $getuser[0]->getVar('pass');
$current_salt = $getuser[0]->getVar('salt');
$enc_type = $getuser[0]->getVar('enc_type');
$icmspass = new icms_core_Password();
$c_pass = $icmspass->encryptPass($c_password, $current_salt, $enc_type, 1);
if ($c_pass !== $current_pass) {
redirect_header('user.php', 2, _US_SORRYINCORRECTPASS);
}
$salt = $icmspass->createSalt();
$pass = $icmspass->encryptPass($password, $salt, $icmsConfigUser['enc_type']);
$xoopsMailer = new icms_messaging_Handler();
$xoopsMailer->useMail();
$xoopsMailer->setTemplate('resetpass2.tpl');
$xoopsMailer->assign('SITENAME', $icmsConfig['sitename']);
$xoopsMailer->assign('ADMINMAIL', $icmsConfig['adminmail']);
$xoopsMailer->assign('SITEURL', ICMS_URL.'/');
$xoopsMailer->assign('IP', $_SERVER['REMOTE_ADDR']);
$xoopsMailer->setToUsers($getuser[0]);
$xoopsMailer->setFromEmail($icmsConfig['adminmail']);
$xoopsMailer->setFromName($icmsConfig['sitename']);
$xoopsMailer->setSubject(sprintf(_US_PWDRESET, ICMS_URL));
if (!$xoopsMailer->send()) {
echo $xoopsMailer->getErrors();
}
$sql = sprintf("UPDATE %s SET pass = '%s', salt = '%s', pass_expired = '%u', enc_type = '%u' WHERE uid = '%u'",
icms::$xoopsDB->prefix('users'),
$pass,
$salt,
0,
(int) $icmsConfigUser['enc_type'],
(int) $getuser[0]->getVar('uid')
);
if (!icms::$xoopsDB->queryF($sql)) {
include 'header.php';
echo _US_RESETPWDNG;
include 'footer.php';
exit();
}
unset($salt, $pass);
redirect_header('user.php', 3, sprintf(_US_PWDRESET, $getuser[0]->getVar('uname')), FALSE);
}
}